Web Reputation settings

The Web Reputation module protects against web threats by blocking access to malicious URLs. Deep Security uses Trend Micro's Web security databases from Smart Protection Network sources to check the reputation of Web sites that users are attempting to access. The Web site's reputation is correlated with the specific Web reputation policy enforced on the computer. Depending on the Web Reputation Security Level being enforced, Deep Security will either block or allow access to the URL.

The Web Reputation configuration for this Policy or computer inherits its on or off state from either its parent Policy unless you choose to override it.

The Web Reputation section of the policy editor and computer editor has the following tabbed sections:

General

Web Reputation

You can configure this Policy or Computer to inherit its Web Reputation On/Off state from its parent Policy or you can lock the setting locally.

Security Level

The Web Reputation rating system assigns the following risk levels to URLs:

  • Dangerous: A URL that has been confirmed as fraudulent or a known source of threats
  • Highly Suspicious: A URL that is suspected to be fraudulent or a known source of threats
  • Suspicious: A URL that is associated with spam or possibly compromised
  • Safe: A URL that is not a risk

Select a security level to implement:

High: blocks pages that are:

  • Dangerous
  • Highly suspicious
  • Suspicious

Medium: blocks pages that are:

  • Dangerous
  • Highly suspicious

Low: blocks pages that are:

  • Dangerous

Block pages that have not been tested by Trend Micro: Blocks pages that are:

  • Unrated by Trend Micro

Exceptions

Exceptions are lists of URLs that are blocked or allowed regardless of their safety ratings.

The Allowed list takes precedence over the Blocked list. URLs that match entries in the Allowed list are not checked against the Blocked list.

Allowed

URLs included in the Allowed list will be accessible regardless of their safety ratings. Multiple URLs can be added at once but they must be separated by a line break. When adding URLs to the Allowed list, select whether to allow all URLs with the same domain or the URL:

  • Allow URLs from the domain: Allow all pages from the domain. Sub-domains are supported. Only include the domain (and optionally sub-domain) in the entry. For example, "example.com" and "another.example.com" are valid entries.
  • Allow the URL: The URL as entered will be allowed. Wildcards are supported. For example, "example.com/shopping/coats.html", and "example.com/shopping/*" are valid entries.

Blocked

URLs and URLs containing specified keywords included in the Blocked list are always blocked (unless there is an overriding entry in the Allowed list). Multiple URLs or keywords can be added at once but they must be separated by a line break. When blocking URLs, you select whether to block all URLs from a domain, to block the URL, or to block URLs that contain a specific keyword.

  • Block URLs from the domain: Block all pages from the domain. Sub-domains are supported. Only include the domain (and optionally sub-domain) in the entry. For example, "example.com" and "another.example.com" are valid entries.
  • Block the URL: The URL as entered will be blocked. Wildcards are supported. For example, "example.com/shopping/coats.html", and "example.com/shopping/*" are valid entries.
  • Block URLs containing this keyword: Any URL containing the keyword will be blocked.

Smart Protection

Smart Protection Server for Web Reputation Service

Smart Protection Service for Web Reputation supplies web reputation information required by the Web Reputation module. Select whether to connect directly to Trend Micro's Smart Protection service or whether to connect to one or more locally installed Smart Protection Servers.

Select the "When off domain, connect to global Smart Protection Service. (Windows only.)" option to use the global Smart Protection Service if the computer is off domain. The computer is considered to be off domain if it cannot connect to its domain controller. (This option is for Windows Agents only.)

View the list of available proxies on the Administration > System Settings > Proxies tab.

Smart Protection Server Connection Warning

This option determines whether error events are generated and Alerts are raised if a computer loses its connection to the Smart Protection Server.

If you have a locally installed Smart Protection Server, this option should be set to Yes on at least one computer so that you are notified if there is a problem with the Smart Protection Server itself.

Advanced

Blocking page

When users attempt to access a blocked URL, they will be redirected to a blocking page. Provide a link they can use to request access to the blocked URL.

Alert

Select whether to raise an Alert when a Web Reputation event is logged.

Ports

Select specific ports to monitor for potentially harmful web pages.

Local Event Notification

Display local notifications via the Deep Security Notifier when access to a malicious Web site is blocked. (For more information, see Deep Security Notifier.)

Events

Web Reputation Events are displayed the same way they are in the main Deep Security Manager window except that only events relating to computers using this Policy are displayed.